>>it looks like you are interested in ring0 detouring
nope.
>>I found also it is not necessary to patch KiSystemCallExitBranch
>>from 7506 (jnz KiSystemCallExit2) to 7505 (jnz KiSystemCallExit).
very necessary :) remember why we are replacing the SYSENTER-SYSEXIT pair
with INT-IRET!?
(that will be your 9th power post ~:)
another Q: there is III virtual address for 41000, which is!? :)